Site   Web

July 6, 2011

4 Critical Reasons Why You Should Review Your Privacy Policy Right Now

A periodic review of your privacy policy is always a good idea, given the significant increase in privacy regulations beginning in 2009. However, at least four developments in the last six months provide an impetus for an immediate privacy policy review. Do it now to avoid significant legal exposure.

Reason No. 1 – Preliminary FTC Staff Report

Last December, the Federal Trade Commission (FTC) issued its Proposed Framework For Businesses And Policymakers. In it, the FTC stated in no uncertain terms that the current privacy policy model, known as “notice and choice”, is not working as intended.

These statements taken from the Staff Report make it clear that big changes are ahead:

* “Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand.”

* “In recent years, the limitations of the notice-and-choice model have become increasingly apparent. Privacy policies have become longer, more complex, and, in too many instances, incomprehensible to consumers.”

* “Too often, privacy policies appear designed more to limit companies’ liability than to inform consumers about how their information will be used.”

After stating these concerns about the effectiveness of privacy policies, the FTC expressed clearly what it expects in terms of privacy policies going forward.

* “For instance, although privacy policies may not be a good tool for communicating with most consumers, they still could play an important role in promoting transparency, accountability, and competition among companies on privacy issues – but only if the policies are clear, concise, and easy-to-read.”

* “Thus, companies should improve their privacy policies so that interested parties can compare data practices and choices across companies.”

So, there you have it. Your privacy policy review should begin with a view to how you might restate it in “clear, concise, and easy-to-read” plain English.

Reasons 2 and 3 – FTC’s Google Settlement

On March 20, 2011, the FTC announced its proposed settlement regarding Google’s BUZZ online service. This settlement provides two additional reasons for an immediate privacy policy review.

First, the FTC announced that there is a new type of sensitive information that’s risen to the level of personal information in terms of privacy protection. It’s called “covered information”, and it includes location data, screen names, and lists of contacts.

To be legally compliant, privacy policies now must disclose how “covered information” is collected, used, shared and disclosed.

Second, in its proposed settlement with Google, the FTC hammered home a theme that’s not new, but one that bears repeating because it’s a big area of concern by the FTC. This is the big gotcha to be avoided at all costs: Collection, use, or sharing of personal-covered information in a manner that is materially different from, or contrary to, the stated purpose in your privacy policy.

This is an easy trap to fall into inadvertently, and Google did just that by collecting personal information for use with its Gmail service, then transferring the Gmail customers to its new BUZZ service without permission.

So, when you review your privacy policy, see if you have made a material change regarding your stated purpose for collection, use, or sharing of personal-covered information. If you’ve made a material change and you haven’t received permission from the affected persons, get permission immediately.

Reason 4 – Google’s AdWords Announcement

On May 17, 2011, Google announced a new policy for participation in its AdWords program. Non-qualifiers will be banned from AdWords.

These are Google’s new requirements for privacy policies to be eligible for participation in AdWords:

* Clear, accessible disclosure how information is used,

* Option to discontinue direct communications (email, phone), and

* Use of Secure Socket Layer (SSL) to protect transmission of financial and personal information. Note that these new requirements are consistent with current FTC policies expressed in its Proposed Framework.


Given these aggressive new privacy initiatives by the FTC, an immediate and thorough review of your privacy policy is a must.

Failure to keep up with these and other developments could result in substantial liability.

Leading SaaS attorney Chip Cooper has automated the process of drafting Website Legal Compliance documents with his MyLegalFirewall website legal documents generator. Use his free online tool — Website Contracts Determinator — to see which documents your site needs. Discover how you can draft near-custom website legal documents, even if you have no knowledge whatsoever at .